The Megabreach Is Back: Hacktivists To Blame For 58 Percent Of Stolen Data In 2011, Says Verizon Study

Move over organized cybercriminals, the new gangs in town don’t want our money, but they want to make a point, and they’re going to do whatever it takes to make sure we listen. The annual Data Breach Investigations Report (embedded below this post) from Verizon and major security agencies has found that hacktivism from the likes of Anonymous accounted for 58 percent of all data stolen online in 2012 — a contrast with years past, when organized crime groups were the main culprits.

And, as is the way with hacktivists, they work on large volumes of records rather than multiple, targeted opportunities: “The megabreach is back,” said Chris Porter, principal on the Risk team at Verizon.

In an investigation that also involved United States Secret Service, the Dutch National High Tech Crime Unit, the Australian Federal Police, the Irish Reporting & Information Security Service and the Police Central e-Crime Unit of the London Metropolitan Police, Verizon found that 2011 was the second-highest year for data loss that it has recorded, since it stated the annual investigation in 2004. In all, it analysed 855 data breaches covering 174 million stolen records and 100 million users.

One notable point is that while organized criminals will use the data for financial gain, hacktivists are wreaking havoc for political and social reasons.

Yet athough organized crime may have been, in volume, less active than the hacktivists, they were no less lethal in terms of what kind of cost they represented.

Verizon, frustratingly, doesn’t include any figures on what kind of cost these data breaches represent, but Porter describes the impact of the organized criminals as “death by a thousand paper cuts”, where they go after “less risky, low-hanging fruit,” that in aggregate can represent a very valuable enterprise.

That can include tactics like skimming information from card machines at gas pumps, breaches of e-commerce sites, and big thefts of data records from cloud-based services, such as the situation that hit Sony PlayStation last year.

Another point is that hacktivists’ tactics are also being adopted by others: although hacktivists accounted for 58 percent of stolen data, hacking actually appeared in 81 percent of breaches (versus 50 percent in 2010). Malware also grew in usage: it appeared in 69 percent of breaches, compared with 49 percent in 2010.

Attacks go global: In all, Verizon found breaches originating from 36 countries last year — a rise from 22 in 2010. That, admits Porter, is partly down to the fact that there was a larger global team of investigators this time around able to gather that data more comprehensively, but also a reflection on how criminal networks have expanded in their activities in an effort to elude authorities.

But that global spread collectively accounts for a very small part of stolen data. The big concentration of criminal activity, in fact, continues to come from one area in particular: Eastern Europe, which this year was the origination point for 70 percent of attacks. Less than 25 percent originated in North America, Verizon said.

One ironic conclusion in the report is that if businesses and the general public were only a bit more vigilant, the story would be quite a different one: of all the attacks 96 percent were deemed to be “not highly difficult”, and that 97 percent “were avoidable without the need for organizations to resort to difficult or expensive countermeasures.” In other words, a little proactive knowledge could go a long way in turning things around.

What about the year ahead? Porter said that if he had to make a calculated guess, the thought that hacktivism would be reduced this year, in part because of the disruption caused by enforcement agencies’ arrests.

However, stealing records has always only been part of hactivists’ tactics: some of their most-high profile activity, such as the series of moves that Anonymous made around their double campaign against SOPA and the closure of Megaupload, involved distributed denial of service attacks, which comprehensively shut down web sites and caused another kinds of financial havoc for their targets.

Although there have been some significant efforts from authorities to track down and arrest the hacktivists, notably the arrests last month of several members after one became an informant, there is all reason to believe that those attacks could continue into next year, if the crowd that helps in their efforts continues to feel the flames of discontent.